# HG changeset patch
# User Olaf Wintermann <olaf.wintermann@gmail.com>
# Date 1652519894 -7200
# Node ID eebc3d32c7c132b047d872174fac4cb6ad565503
# Parent  4a7dd7ff92c99dab6d214cd93c3d082566d8913d
escape child href in pg propfind

diff -r 4a7dd7ff92c9 -r eebc3d32c7c1 src/server/plugins/postgresql/webdav.c
--- a/src/server/plugins/postgresql/webdav.c	Sat May 14 10:49:04 2022 +0200
+++ b/src/server/plugins/postgresql/webdav.c	Sat May 14 11:18:14 2022 +0200
@@ -523,12 +523,17 @@
                 log_ereport(LOG_FAILURE, "pg_dav_propfind_do: query returned invalid path");
                 return 1;
             }
-            char *newres_href = pool_malloc(pool, pathlen+2);
-            memcpy(newres_href, path, pathlen);
+            if(pathlen > PG_MAX_PATH_LEN) {
+                log_ereport(LOG_FAILURE, "pg_dav_propfind_do: path too long: resource_id: %s", res_id);
+                return 1;
+            }
+            char *newres_href = pool_malloc(pool, (pathlen*3)+2);
+            util_uri_escape(newres_href, path);
             if(iscollection && path[pathlen-1] != '/') {
-                newres_href[pathlen++] = '/';
+                size_t newres_href_len = strlen(newres_href);
+                newres_href[newres_href_len] = '/';
+                newres_href[newres_href_len+1] = '\0';
             }
-            newres_href[pathlen] = '\0';
             
             // new resource
             resource = response->addresource(response, newres_href);
diff -r 4a7dd7ff92c9 -r eebc3d32c7c1 src/server/plugins/postgresql/webdav.h
--- a/src/server/plugins/postgresql/webdav.h	Sat May 14 10:49:04 2022 +0200
+++ b/src/server/plugins/postgresql/webdav.h	Sat May 14 11:18:14 2022 +0200
@@ -38,7 +38,9 @@
 #ifdef __cplusplus
 extern "C" {
 #endif
-
+    
+#define PG_MAX_PATH_LEN 0x8000
+    
 typedef struct PgWebdavBackend {
     ResourceData *pg_resource;
     PGconn *connection;